From fc8281065ac41809c1c6d04d65a4ef733ef3ce4f Mon Sep 17 00:00:00 2001 From: Miroslav Grepl Date: Jun 09 2010 21:48:14 +0000 Subject: - Fixes for bitlbee policy --- diff --git a/policy-F13.patch b/policy-F13.patch index 8751001..9faaa0f 100644 --- a/policy-F13.patch +++ b/policy-F13.patch @@ -14392,6 +14392,30 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avah allow $1 avahi_t:dbus send_msg; allow avahi_t $1:dbus send_msg; ') +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitlbee.te serefpolicy-3.7.19/policy/modules/services/bitlbee.te +--- nsaserefpolicy/policy/modules/services/bitlbee.te 2010-04-13 20:44:37.000000000 +0200 ++++ serefpolicy-3.7.19/policy/modules/services/bitlbee.te 2010-06-09 23:44:39.315208775 +0200 +@@ -27,7 +27,8 @@ + # + # Local policy + # +-# ++ ++allow bitlbee_t self:capability { setgid setuid }; + + allow bitlbee_t self:udp_socket create_socket_perms; + allow bitlbee_t self:tcp_socket { create_stream_socket_perms connected_stream_socket_perms }; +@@ -81,6 +82,10 @@ + + libs_legacy_use_shared_libs(bitlbee_t) + ++auth_use_nsswitch(bitlbee_t) ++ ++logging_send_syslog_msg(bitlbee_t) ++ + miscfiles_read_localization(bitlbee_t) + + sysnet_dns_name_resolve(bitlbee_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.if serefpolicy-3.7.19/policy/modules/services/bluetooth.if --- nsaserefpolicy/policy/modules/services/bluetooth.if 2010-04-13 20:44:37.000000000 +0200 +++ serefpolicy-3.7.19/policy/modules/services/bluetooth.if 2010-05-28 09:42:00.066610888 +0200 diff --git a/selinux-policy.spec b/selinux-policy.spec index 215cbf9..61b6986 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -473,6 +473,7 @@ exit 0 - Allow ftpd ipc_lock capability - Allow audisp-remote to getcap and setcap - Allow iscsid to read and write raw memory devices +- Fixes for bitlbee policy * Wed Jun 9 2010 Miroslav Grepl 3.7.19-26 - Allow krb5kdc to write krb5kdc_principal_t file